[openssl-dev] How to do reneg with client certs in 1.1.0 API

Viktor Dukhovni openssl-users at dukhovni.org
Mon Feb 8 14:36:40 UTC 2016


> On Feb 8, 2016, at 9:26 AM, Matt Caswell <matt at openssl.org> wrote:
> 
> SSL_renegotiate(ssl);
> SSL_do_handshake(ssl);
> do {
>    read_some_app_data();
>    if(no_client_cert_yet()) {
>        discard_app_data();
>    }
> } while(no_client_cert_yet());

At what point in the handshake would a query for client
certificates show their presence?  Is it always strictly
after the new "finished" message?  An additional check for
the completion of the handshake may be appropriate.

-- 
	Viktor.


